How TCP really works: Top 3 things you need to know!
YouTube video with the amazing Chris Greer: https://youtu.be/Auwn3RWapRE
Yesterday the #H2O web server #NixOS module merged into #Nixpkgs with #HTTP3 / #QUIC support to be super easy.
An example of a simple reverse proxy usage, with compression + ACME + HTTP/2 + HTTP/3 + TLS redirect + Mozilla recommended TLS settings, would look like:
services.h2o = {
  enable = true;
  settings = {
    compress = "ON";
    http2-reprioritize-blocking-assets = "ON";
    ssl-offload = "kernel";
  };
  hosts."example.org" = {
    tls = {
      policy = "force";
      quic = { };
      recommendations = "modern";
    };
    acme.enable = true;
    settings = {
      paths."/" = {
        "proxy.reverse.url" = "http://127.0.0.1:42069";
      };
    };
  };
}
System Administration
Week 7, HTTP and CDNs
After discussing the DNS, we now move on to #HTTP and HTTPS. While we don't have videos for these sections, hopefully the lecture slides can help you get an idea of what we're covering there. We review the basic HTTP protocol, peek at #QUIC and H3, and talk about load balancing and content delivery networks:
The HTTP/3 Challenge: Bridging the Divide Between Hyperscale and Long-Tail Web Traffic
HTTP/3, built on Google's QUIC protocol, promises to revolutionize web performance, yet its adoption faces significant hurdles. As major browsers and CDNs embrace the new standard, the lack of support...
I think we can make it a law: any Internet protocol can run on top of all the transport protocols that the #IETF produces. Here, we have #EPP over #QUIC: https://datatracker.ietf.org/doc/draft-ietf-regext-epp-quic/
Technical Advisory – Hash Denial-of-Service Attack in Multiple #QUIC Implementations
Go-msquic: A new QUIC/HTTP3 library for Go
Link: https://github.com/noboruma/go-msquic
Discussion: https://news.ycombinator.com/item?id=43098690
We have a canary build of our @nlnetlabs #unbound #docker image with #quic support available for testing, yay!
madnuttah/unbound:canary-quic
Let me explain the #OpenSSL #QUIC API move and what it might mean. For #curl and for others.
https://daniel.haxx.se/blog/2025/02/16/openssl-does-a-quic-api/
An #ngtcp2 lead developer told me they have no current plans to adapt to the new #OpenSSL #QUIC API because of its lack of 0RTT support and the "pull model".
Of course someone else can go ahead and write it and ideally someone from #OpenSSL does it, for dogfooding purposes.
I have not heard of any other QUIC stack either having adapted to it yet.
I asked the #OpenSSL team about their new #QUIC API:
Out of curiosity: since you decided to provide a quite different API than what was once offered to you and what several QUIC stacks are already using. How did you come up with this API?
https://github.com/openssl/openssl/pull/26683#issuecomment-2654928163
#OpenSSL suddenly decided to provide an API for others to do #QUIC with it: https://github.com/openssl/openssl/pull/26683
It is now *six* years ago since I first blogged about how the #QUIC API situation was going to slow down QUIC (and HTTP/3) deployment. Unfortunately I was entirely correct.
https://daniel.haxx.se/blog/2019/01/21/quic-and-missing-apis/
The follow-up post a few years later on OpenSSL's decision to be a laggard:
https://daniel.haxx.se/blog/2021/10/25/the-quic-api-openssl-will-not-provide/
TIL Network protocols Sans I/O
“… network protocol implementations written in Python that perform no I/O (this means libraries that operate directly on text or bytes; this excludes libraries that just abstract out I/O).”
Read the reference page
https://sans-io.readthedocs.io/